The building that houses the Mt. Gox offices in Tokyo. Photo: Ariel Zambelich/WIRED

Mt. Gox, once the world’s largest bitcoin exchange, has gone offline, apparently after losing hundreds of millions of dollars due to a years-long hacking effort that went unnoticed by the company.

The hacking attack is detailed in a leaked “crisis strategy draft” plan, apparently created by Gox and published Monday by Ryan Selkis, a bitcoin entrepreneur and blogger (see below). According to the document, the exchange is insolvent after losing 744,408 bitcoins — worth about $350 million at Monday’s trading prices. The plan paints a bleak picture of the exchange’s finances and outlines an arbitrage scheme to restore the exchange to solvency. “The reality is that Mt. Gox can go bankrupt at any moment, and certainly deserves to as a company,” the document states.

WIRED couldn’t confirm the authenticity of the document. Reached Monday night, a Gox representative declined to comment on the document and referred us to the company’s webpage, before abruptly hanging up. But the website went offline a few hours after the company suspended trading on its exchange, and if the document is indeed authentic, the situation it described could reverberate across the world of bitcoin and possibly hamper the future of the digital currency.

Bitcoin insiders had been bracing for the worst from Mt. Gox for weeks, but the magnitude of the apparent theft — which would be the largest bitcoin heist ever — and the company’s alleged plan to replenish its stock of bitcoins took even seasoned bitcoiners by surprise. “Gox is the worst-run business in the history of the world,” said Roger Ver, in an instant message interview. Ver is a bitcoin advocate who lives across the street from Mt. Gox’s Tokyo offices and tried to help out the troubled exchange the last time it was hacked, back in 2011.

“Gox is the worst-run business in the history of the world” –Roger Ver, bitcoin advocate

A coalition of bitcoin businesses — including bitcoin wallet-makers Coinbase and Blockchain — quickly put out a statement as news of the hack spread. “This tragic violation of the trust of users of Mt. Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry,” they said. “There are hundreds of trustworthy and responsible companies involved in bitcoin.”

As WIRED reported earlier, Gox has been in trouble since U.S. authorities seized $5 million of the company’s U.S. assets last year. Gox had been operating in the U.S. without the proper money transmission permits. Since that seizure, customers had reported months-long delays in receiving cash for their bitcoins, and earlier this month, Gox suspended all withdrawals, blaming a bug in its bitcoin wallet software.

Now, according to the alleged leaked document, it looks like hackers had been exploiting that bug for two years, and even removing bitcoins from supposedly secure “cold” wallets that the company had stored offline. Typically, cold wallets are disconnected from the internet and cannot be emptied by online attackers. However, the “cold storage has been wiped out due to a leak in the hot wallet,” the document states.

Gox’s collapse is another black eye to a virtual currency that’s been struggling to go legit. Last month, Charlie Shrem, the CEO of U.S. bitcoin exchanger Bitinstant, was arrested on money laundering charges. Both Shrem and Gox CEO Mark Karpeles had been board members with the Bitcoin Foundation, the digital currency’s lobbying and software development group. Both have now stepped down. But according to the alleged Mt. Gox document, the bitcoin world faces even bigger problems that the loss of these two men. “This could be the end of bitcoin,” the document reads, “at least for most of the public.”

Here’s The Thing With Ad Blockers

We get it: Ads aren’t what you’re here for. But ads help us keep the lights on. So, add us to your ad blocker’s whitelist or pay $1 per week for an ad-free version of WIRED. Either way, you are supporting our journalism. We’d really appreciate it.